SINTEF researcher Marie Moe has a pacemaker. To her surprise, she discovered that it can be hacked. She recently held a presentation about the dangers when "everything" is connected to the Internet. Photo: Andreas Buarø

Researcher’s heart problems uncover security gap

Marie Moe, who is a SINTEF researcher in cybersecurity, discovered that her heart is being regulated by a pacemaker which can be hacked.

“I was shocked to discover that my pacemaker could be connected to the internet”, says Marie Moe. “It was then I realised that it’s possible for some computer nerd to hack the system and effectively control my heart. It was a very unpleasant experience”, she says.

She recently attended the 2017 Lerchendal Conference in Trondheim, Norway, themed ‘Digital Force for Change’, where cybersecurity was one of the subsidiary topics. Moe’s personal experience of the importance of this subject has resulted in her currently leading a SINTEF project looking into pacemakers and their security.

“My pacemaker can be hacked and the personal data it contains stolen”, she says. “In the worst case, human error by a hacker could be fatal. Or I could become exposed to blackmail. We cannot trust this technology. We’re very vulnerable now that anything and everything can be connected to the internet”, she explains.

Cyber wars have arrived!

The security challenges linked to what is perhaps the world’s greatest invention – the internet – do not only affect individuals. In 2014, industry giant Statoil was caught off guard when an IT technician pressed the wrong button, got in behind the firewall, and brought production to a standstill. Since then, there have been many similar incidents both on oil platforms and onshore installations that potentially could have been very dangerous. Ukraine was subjected to a hacker attack which resulted in large segments of the country’s finance system being put out of action.

“We’re now in the middle of what could be called cyberwarfare and cyber criminality”, says Sofie Nystrøm, who is Director of the Center for Cyber and Information Security (CCIS). “It’s a situation that we don’t quite know how to handle. We need to get a lot of experts putting their heads together, and more and more looking into this field”, she says.

Several studies are now demonstrating that Norway is a world leader in digitisation both within the private and public sectors. They also show that we are facing some major potential challenges when it comes to cybersecurity.

“The internet we have today was not designed to handle oil and gas, electricity distribution or transport systems”, says Nystrøm. “It is built on very unstable foundations”, she says.

Clueless health personnel

The results of Moe’s project are not ready yet, but she is already travelling the world and telling her story about this vital topic. Five years ago her life was turned upside down when she experienced a fall and later found out that there was something wrong with her heart. A pacemaker was fitted, but none of the health personnel she came into contact with had any knowledge about the fact that it could be connected to the internet.

“This function is now switched off, and when the time comes to fit a new pacemaker, I’ll ask to have one that can’t be hooked up to the internet”, says Moe.

When nations or companies are subject to hacker attacks, this doesn’t only frighten individuals, but can also result in financial losses.

“A survey of cyber attacks shows that in 2016 they cost the global community USD 445 billion”, says Håkon Haugli, who is CEO at Abelia, a Norwegian federation of technology companies. “This is big money, and the survey has shown that our understanding of this subject is woefully inadequate”, he says.

“What is the most important thing we can do to boost security?”

“We must continue to promote a security culture at individual, corporate and national levels”, says Haugli. “In Norway we tend to trust our employers and the public authorities, but it’s only a small step from trust to naivety. I also believe that stricter legislation linked to cybersecurity may put pressure on developers and suppliers”, he says.

Moe believes that suppliers must be made to feel a greater sense of responsibility when it comes to security.

“There’s probably a good deal of technology out there that shouldn’t be connected to the internet – if for no other reason than that it’s insufficiently mature”, she says.
